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Art Unit: 2196 

DETAILED ACTION 
Claim Objection 

1 . Claim 1 0 is objected to for lack of antecedent basis "the number of password 
line 7. 

Figure Objection 

2. Figure 31 should be designated by a legend such as -Prior Art- because only 
that which is old is illustrated. See MPEP § 608.02(g). Corrected drawings in 
compliance with 37 CFR 1.121(d) are required in reply to the Office action to 
avoid abandonment of the application. The replacement sheet(s) should be 
labeled "Replacement Sheet" in the page header (as per 37 CFR 1 .84(c)) so as 
not to obstruct any portion of the drawing figures. If the changes are not accepted 
by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not 
be held in abeyance. 

Claim Rejections -35 USC §101 

1. 35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 
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2. Claims 8, 13-15, and 21-23 are rejected under 35 (JSC 101 because the claimed 
invention is directed to non-statutory subject matter. 

3. With regard to claims 8, 13-15, and 21-23, a "program" is being recited; and is 
directed towards functional descriptive material that is lacking a computer 
readable medium to be used in a computer system; therefore, it is ineligible for 
protection. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 1,7-10, 12-13, 15-18, 21-23 are rejected under 35 U.S.C 112 second 
paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

The following limitations are not clearly understood, rendering the corresponding 

claims vague and indefinite: 

a. "the same generation procedure as that use by a password guessing 
tool" line 3-4 of claims 1 and 7; lines 4-5 of claims 8 and 9; lines 6-7 of 
claims 10 and 12; lines 7-8 of claims 13 and 15; lines 4-5 of claims 16; 
lines 5-6 of claim 17; lines 5-6 of claim 21 and lines 6-7 of claim 22 is 
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indefinite and vague since it does not specifically disclose which 
procedure of password generation to be used in the claim invention. 

b. "vicinity thereof on claim 18, line 3; claim 28, line 3 is vague and 
indefinite since it fails to set forth the limit on the range for the password 
candidates. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1,4-15 are rejected under 35 U.S.C. 1 03(a) as unpatentable over 
Ganesan in view of Yan ("A note on Proactive Password Checking", Sept. 2001 , 
Proceedings of the 2001 workshop on New security paradigms, pages 127-135), 
hereafter "Yan" 

8. With regard to claim 1 , Ganesan discloses a password strength checking method 
comprising: 

inputting a password to be checked (Col. 10, lines 26-27); 



generating a plaintext password candidate according to the same generation 
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procedure as that used by a password guessing tool (Col. 7, lines 32-38); 



determining whether or not the inputted password and the generated password 
candidate match each other (Col. 8, lines 39-42, log-likelyhood function 
compares the password P with the Markov chain reads on if inputted password 
matches with the candidate password); and 

outputting information of the determined password strength (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not disclose a password strength checking method 
where directing generation of the next password candidate when the match is not 
determined; determining strength of the inputted password based on the number 
of the generated password candidates when the match is determined;. 

Yan, on the other hand, discloses directing generation of the next password 
candidate when the match is not (Section 2.1 , lines 4-5, tries each of a list of 
word reads on generation of the next password if not match). 

determining strength of the inputted password based on the number of the 
generated password candidates (Table 1, line 5, search space column denotes 
the combinations of password reads on the number of generated password 
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candidate and the minutes in the cracking time column reads on the strength of 
the inputted password) when the match is determined (Section 2.1 , lines 4-6, 
hashed value of candidate matches a password hash reads on match password 
determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

9. With regard to claim 7, Ganesan discloses a password strength checking method 
comprising: 

Means for inputting a password to be checked (Col. 10, lines 26-27); 

Means for generating a plaintext password candidate according to the same 
generation procedure as that used by a password guessing tool (Col. 7, lines 32- 
38); 
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Means for determining whether or not the inputted password and the generated 
password candidate match each other (Col. 8, lines 39-42, log-likelyhood 
function compares the password P with the Markov chain reads on if inputted 
password matches with the candidate password); and 

Means for outputting information of the determined password strength (Col 10, 
lines 39-41, notifies the user input device reads on outputting information). 

However, Ganesan does not disclose a means for password strength checking 
apparatus where directing generation of the next password candidate when the 
match is not determined; Means for determining strength of the inputted 
password based on the number of the generated password candidates when the 
match is determined;. 

Yan, on the other hand, discloses means for directing generation of the next 
password candidate when the match is not (Section 2.1 , lines 4-5, tries each of a 
list of word reads on generation of the next password if not match); and 

Means for determining strength of the inputted password based on the number of 
the generated password candidates ((Table 1, line 5, search space column 
denotes the combinations of password reads on the number of generated 
password candidate and the minutes in the cracking time column reads on the 
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strength of the inputted password) when the match is determined (Section 2.1, 
lines 4-6, hashed value of candidate matches a password hash reads on match 
password determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

10. With regard to claim 8, Ganesan discloses a program (Col. 2, lines 16-17) for 
checking password strength that causes computer to execute: 

inputting a password to be checked (Col. 10, lines 26-27); 

generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool (Col. 7, lines 32-38); 

determining whether or not the inputted password and the generated password 
candidate match each other (Col. 8, lines 39-42, log-likelyhood function 
compares the password P with the Markov chain reads on if inputted password 
matches with the candidate password); and 
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outputting information of the determined password strength (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not disclose directing generation of the next password 
candidate when the match is not determined; and determining strength of the 
inputted password based on the number of the generated password candidates 
when the match is determined;. 

Yan, on the other hand, discloses directing generation of the next password 
candidate when the match is not (Section 2.1, lines 4-5, tries each of a list of 
word reads on generation of the next password if not match); and 

determining strength of the inputted password based on the number of the 
generated password candidates (Table 1, line 5, search space column denotes 
the combinations of password reads on the number of generated password 
candidate and the minutes in the cracking time column reads on the strength of 
the inputted password) when the match is determined (Section 2.1 , lines 4-6, 
hashed value of candidate matches a password hash reads on match password 
determination). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

11. With regard to claim 9, Ganesan discloses a recording medium (Col. 10, lines 16- 
18, network storage device or local storage device reads on recording medium) 
recording a password strength checking program (Col. 2, lines 16-1 7) that 
causes computer to execute 

inputting a password to be checked (Col. 10, lines 26-27); 

generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool (Col. 7, lines 32-38); 

determining whether or not the inputted password and the generated password 
candidate match each other (Col. 8, lines 39-42, log-likelyhood function 
compares the password P with the Markov chain reads on if inputted password 
matches with the candidate password); and 
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outputting information of the determined password strength (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not disclose directing generation of the next password 
candidate when the match is not determined; and determining strength of the 
inputted password based on the number of the generated password candidates 
when the match is determined;. 

Yan, on the other hand, discloses directing generation of the next password 
candidate when the match is not (Section 2.1 , lines 4-5, tries each of a list of 
word reads on generation of the next password if not match); and 

determining strength of the inputted password based on the number of the 
generated password candidates (Table 1, line 5, search space column denotes 
the combinations of password reads on the number of generated password 
candidate and the minutes in the cracking time column reads on the strength of 
the inputted password) when the match is determined (Section 2.1, lines 4-6, 
hashed value of candidate matches a password hash reads on match password 
determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
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teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

12. With regard to claim 10, Ganesan discloses a password creation assisting 
method comprising: 

inputting a password to be targeted by creation assistance (Col. 10, lines 26-27, 
user input device reads on creation assistance) and characters' places 
information for identifying a character string to be checked that is included in the 
password (Col. 7, lines 35-37, the fact that the input strings was breaking up into 
trigrams - group of 3 characters by shifting to the right 1 characters at a time 
starting from the first character reads on the position of the trigram and each 
trigram reads on a character string to be checked). 

using a password candidate generating tool for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
password guessing tool (Col. 2 lines 16-25, maintenance of a dictionary of bad 
passwords denotes password candidate generating tool) 

outputting the calculated character string strength (Col 10, lines 39-41 , notifies 
the user input device reads on outputting information). 
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However, Ganesan does not specifically disclose obtaining the number of 
password candidates until matching with the character string, and calculating 
strength of the character string based on the obtained number of generated 
password candidate. 

Yan, on the other hand, discloses obtaining the number of password candidate 
until matching with the character string (section 2.1 , lines 1-6, tries each 
password until hashed value of candidate matches a password hashed denotes 
the number of password generated), and calculating strength of the character 
string based on the number of the generated password candidates (Table 1, line 
5, search space column denotes the combinations of password reads on the 
number of generated password candidate and the minutes in the cracking time 
column reads on the strength of the inputted password) when the match is 
determined (Section 2.1, lines 4-6, hashed value of candidate matches a 
password hash reads on match password determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 
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13. With regard to claim 1 1 , Ganesan discloses a password creation assisting 
method comprising: 

inputting a password to be targeted by creation assistance (Col. 10, lines 26-27, 
user input device reads on creation assistance) 

extract all or part of characters composing the inputted password together with 
places of the characters (Col. 7, lines 35-37, the fact that the input strings was 
breaking up into trigrams - group of 3 characters by shifting to the right 1 
characters at a time starting from the first character reads on the position of the 
trigram and each trigram reads on a character string that composes the inputted 
password). 

outputting the calculated character string strength (Col 10, lines 39-41, notifies 
the user input device reads on outputting information). 
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However, Ganesan does not specifically disclose identifying, for each of the 
extracted characters, a character rank at the extracted character position, with 
the extracted characters and the characters' place as a key, by referring to a 
table group recording character rank information for each character position, the 
table group being provided for a password guessing tool to use when guessing a 
password by checking all possible passwords, and calculate character strength 
for each of the extracted characters based on the identified character rank. 

Yan, on the other hand, discloses identifying, for each of the extracted 
characters, a character rank at the extracted character position (Table 1 , the 
dash line indicates the boundary of strong or weak of password and password 
patterns read on ranking of a password string and different combination of a 
password string reads on character position) with the extracted characters and 
the characters' place as a key (Table 1, the area column where password 
patterns or extracted passwords is presented indicates key of the character's) , 
by referring to a table group recording character rank information for each 
character position (Table 5, displays different password patterns reads on 
character position), the table group being provided for a password guessing tool 
to use when guessing a password by checking all possible password (Section 
3.3, second paragraph, lines 1-2, full password space reads on the provided 
table group). 
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Yan, further discloses calculate character strength (Table 5, cracking time 
column indicates a duration for identify a particular password pattern reads on 
the character strength calculation) for each of the extracted characters based on 
the identified character rank (Table 5, the search space contains different 
password patterns which reads on extracted characters and the dash line 
denotes strong or weak password patterns which reads on character rank). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

14. With regard to claim 12, Ganesan discloses a password creation assisting 
method comprising: 

inputting a password to be targeted by creation assistance (Col. 10, lines 26-27, 
user input device reads on creation assistance) 

extracting character strings increasing in length by an increment of one 
character, with the first character of the inputted password as a top characters 
(Col. 7, lines 35-37, the fact that the input strings was breaking up into trigrams - 



Application/Control Number: 10/677,277 Page 17 

Art Unit: 2196 

group of 3 characters by shifting to the right 1 character at a time for each trigram 
starting from the first character reads on extracting character advance by 1 with 
the first character as a top character). 

using a password candidate generating tool for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
password guessing tool (Col. 2 lines 16-25, maintenance of a dictionary of bad 
passwords denotes password candidate generating tool) 

calculating transition value (Col. 6, lines 37-39). 

outputting the calculated character strength transition value (Col 10, lines 39-41 , 
notifies the user input device reads on outputting information). 

However, Ganesan does not specifically using a password guessing tool to 
obtain, for each of the extracted character strings, the number of password 
candidates which have been generated by the time a password candidate having 
the character string at the same characters' places is first generated, and 
calculating a character strength of the inputted password. 

Yan, on the other hand, discloses obtaining the number of password candidate 
until matching with the character string (section 2.1, lines 1-6, tries each 
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password until hashed value of candidate matches a password hashed denotes 
the number of password generated), and 

calculating character strength of the inputted password based on the obtained 
number of the generated password candidates (Table 1, line 5, search space 
column denotes the combinations of password reads on the number of generated 
password candidate and the minutes in the cracking time column reads on the 
strength of the inputted password) when the match is determined (Section 2.1, 
lines 4-6, hashed value of candidate matches a password hash reads on match 
password determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

15. With regard to claim 13, Ganesan discloses a program (Col. 2 lines 17-18) for 
assisting password creation executed in a computer, wherein the programs 
causes a computer to execute 
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inputting a password to be targeted by creation assistance and characters' 
places information for identifying a character string to be checked that is included 
in the password (Col. 10, lines 26-27); 

using a password candidate generating tool for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
password guessing tool to obtain the number of password candidates which have 
been generated by the time a password candidate having the character string at 
the characters 1 places is first generated; (Col. 7, lines 32-38); 

outputting the calculated character string strength information (Col 10, lines 39- 
41 , notifies the user input device reads on outputting information). 

However, Ganesan does not disclose calculating strength of the character string 
based on the obtained number of generated password candidate. 

Yan, on the other hand, discloses the calculating strength of the character string 
based on the number of the generated password (Table 1, line 5, search space 
column denotes the combinations of password reads on the number of generated 
password candidate and the minutes in the cracking time column reads on the 
strength of the inputted password) when the match is determined (Section 2.1 , 
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lines 4-6, hashed value of candidate matches a password hash reads on match 
password determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

16. With regard to claim 14, Ganesan discloses a program (Col. 2 lines 17-18) for 
password creation assisting method comprising: 

inputting a password to be targeted by creation assistance (Col. 10, lines 26-27, 
user input device reads on creation assistance) 

extract all or part of characters composing the inputted password together with 
. places of the characters (Col. 7, lines 35-37, the fact that the input strings was 
breaking up into trigrams - group of 3 characters by shifting to the right 1 
characters at a time starting from the first character reads on the position of the 
trigram and each trigram reads on a character string that composes the inputted 
password). 
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outputting the calculated character strength information (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not specifically disclose identifying, for each of the 
extracted characters, a character rank at the extracted character position, with 
the extracted characters and the characters' place as a key, by referring to a 
table group recording character rank information for each character position, the 
table group being provided for a password guessing tool to use when guessing a 
password by checking all possible passwords, and calculate character strength 
for each of the extracted characters based on the identified character rank. 
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Yan, on the other hand, discloses identifying, for each of the extracted 
characters, a character rank at the extracted character position (Table 1 , the 
dash line indicates the boundary of strong or weak of password and password 
patterns read on ranking of a password string and different combination of a 
password string reads on character position) with the extracted characters and 
the characters' place as a key (Table 1 , the area column where password 
patterns or extracted passwords is presented indicates key of the character's) , 
by referring to a table group recording character rank information for each 
character position (Table 5, displays different password patterns reads on 
character position), the table group being provided for a password guessing tool 
to use when guessing a password by checking all possible password (Section 
3.3, second paragraph, lines 1-2, full password space reads on the provided 
table group). 

Yan, further discloses calculate character strength (Table 5, cracking time 
column indicates a duration for identify a particular password pattern reads on 
the character strength calculation) for each of the extracted characters based on 
the identified character rank (Table 5, the search space contains different 
password patterns which reads on extracted characters and the dash line 
denotes strong or weak password patterns which reads on character rank). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

17. With regard to claim 15, Ganesan discloses a program for assisting password 
creation executed in a computer, wherein the computer causes a computer to 
execute: 



inputting a password to be targeted by creation assistance (Col. 10, lines 26-27, 
user input device reads on creation assistance) 

extracting character strings increasing in length by an increment of one 
character, with the first character of the inputted password as a top characters 
(Col. 7, lines 35-37, the fact that the input strings was breaking up into trigrams - 
group of 3 characters by shifting to the right 1 character at a time for each trigram 
starting from the first character reads on extracting character advance by 1 with 
the first character as a top character). 



using a password candidate generating tool for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
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password guessing tool (Col. 2 lines 16-25, maintenance of a dictionary of bad 
passwords denotes password candidate generating tool) 

calculating transition value (Col. 6, lines 37-39). 

outputting the calculated character strength transition value (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not specifically using a password guessing tool to 
obtain, for each of the extracted character strings, the number of password 
candidates which have been generated by the time a password candidate having 
the character string at the same characters' places is first generated, and 
calculating a character strength of the inputted password. 

Yan, on the other hand, discloses obtaining the number of password candidate 
until matching with the character string (section 2.1 , lines 1-6, tries each 
password until hashed value of candidate matches a password hashed denotes 
the number of password generated), and 

calculating character strength of the inputted password based on the obtained 
number of the generated password candidates (Table 1, line 5, search space 
column denotes the combinations of password reads on the number of generated 



Application/Control Number: 10/677,277 Page 25 

Art Unit: 2196 

password candidate and the minutes in the cracking time column reads on the 
strength of the inputted password) when the match is determined (Section 2.1 , 
lines 4-6, hashed value of candidate matches a password hash reads on match 
password determination). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teachings of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

18. With regard to claim 4, Ganesan does not discloses the determining step 

estimates a time required for the password guessing tool to attack the password 
to be checked based on the number of the generated password candidates to 
determine the time as a password strength. 

Yan, on the other hand discloses the determining step estimates a time required 
for the password guessing tool to attack the password to be checked based on 
the number of the generated password candidates to determine the time as a 
password strength (Page 130, line 5, value column reads on the number of 
generated password candidate and the cracking time column reads on the 
estimate time). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

19. With regard to claim 5, Ganesan does not disclose the determining step 

calculates numerical information based on a ratio value of the possible maximum 
number of the password candidates to be generated and the number of the 
generated password candidates to determine the numerical information as a 
password strength. 

Yan, on the other hand discloses the determining step calculates numerical 
information based on a ratio value of the possible maximum number of the 
password candidates to be generated and the number of the generated 
password candidates to determine the numerical information as a password 
strength (Page 132, column percentage provides the number of combinations of 
a particular password characters string; thus it reads on the password strength is 
based on numerical information). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicants invention was made to combine the teachings of Ganesan and the 
teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

20. With regard to claim 6, Genesan discloses a method of password strength 
checking where the outputting step output information (Col 10, lines 39-41, 
notifies the user input device reads on outputting information). 

However, Ganesan does not discloses the outputting step further outputs 
information of a rank among passwords, which have been checked and for which 
password strength has been determined, which is identified based on the 
determined password strength. 

Yan, on the other hand discloses information of a rank among passwords 
(section 3.3, lines 2-4, the dash line divides between strong and weak password 
which reads on ranking), which have been checked (section 3.3, lines 4-5, "a 
password that falls into the following two categories" reads on password has 
found) and for which password strength has been determined, which is identified 
based on the determined password strength (section 3.3, lines 2-4). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and the 
teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, Page 128, second left paragraph, lines 2-4). 

21 . Claim 2 is rejected under 35 U.S.C. 103(a) as unpatentable over Ganesan in 
view of Yan and further in view of Imazu (US PGPub No. 2002/0087892), hereafter 
"Imazu". 

22. With regard to claim 2, neither Ganesan nor Yan discloses the inputting step 
presents the password input state to a user in a form that the inputted content is 
not readable, requests re-input of the password from the user, and inputs the 
password to be checked only when the inputted two passwords match each other 
content is not readable, request re-input of the password from the user, and 
inputs the password to be checked only when the inputted two passwords match 
each other. 

Imazu, on the other hand, discloses the inputting step presents the password 
input state to a user in a form that the inputted content is not readable (Fig. 2, 
component 221a, element 223, password string is something that only recipient 
would know and normally would not be visible; thus it reads on the inputted 
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password is not readable), requests re-input of the password from the user (Fig. 
2, component 221b, element 226, "retry a password entry" reads on request re- 
input of the password), and inputs the password to be checked only when the 
inputted two passwords match each other (Fig. 4, component authenticator 100, 
element 1016, "password verified/authentication completed" reads on inputted 
passwords checking and determines if the two inputted password matches). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Yan and 
the teaching of Imazu in order to authenticate a user easily, comparatively 
cheaply, and safely (Imazu, [0012], lines 3-4). 

23. Claims 16, 20/16, and 21 are rejected under 35 U.S.C. 103(a) as unpatentable 
over Ganesan and in view of Blakely (US Pat No. 5862,323) hereafter "Blakely". 

24. With regard to claim 16, Ganesan discloses a password creating method 
(abstract) comprising : 

inputting a password to be checked (Col. 10, lines 26-27); 

generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool (Col. 7, lines 32-38); 
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Outputting the obtained password candidate as a password to be created (Col 
10, lines 39-41 , notifies the user input device reads on outputting information). 

Genesan, however, does not disclose inputting information of a generation rank 
for a password to be created and using a password candidate generating routine. 

On the other hand, Blakely discloses a generation rank for a password to be 
created (Col. 18, lines 32-33, password strength ERA reads on generation rank 
of a password). 

Furthermore, Blakely discloses using a password candidate generating routine 
for generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool to obtain a password 
candidate generated for the generation rank by the password candidate 
generating routine (Col. 9, lines 20-24, ERA reads on generation rank and 
foreign registry password propagate reads on password candidate that based on 
ERA ranking). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and 
Blakely to allow a user to avoid having multiple passwords and avoid the 
necessity of updating these passwords manually (Blakely, Col. 3, lines 4-6). 

25. With regard to claim 20/16, Ganesan disclose the password creating method 
where the outputting step determines whether or not the obtained password 
candidate matches any word registered with a dictionary (Col. 9, line 25-28) and, 
if not (Fig. 3, component 42, reads on condition of determining the obtained 
password matches with any word in a dictionary), outputs the obtained password 
candidate as a password to be created (Col. 10, lines 39-41 , notifies the user 
input device reads on outputting information). 

26. With regard to claim 21 , Ganesan discloses a program (Col. 2, lines 16-17) for 
creating password executed in a computer where the program causes a 
computer to execute: 

inputting a password to be checked (Col. 10, lines 26-27); 



generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool (Col. 7, lines 32-38); 
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Outputting the obtained password candidate as a password to be created (Col 
10, lines 39-41 , notifies the user input device reads on outputting information). 

Genesan, however, does not disclose inputting information of a generation rank 
for a password to be created and using a password candidate generating routine. 

On the other hand, Blakely discloses a generation rank for a password to be 
created (Col. 18, lines 32-33, password strength ERA reads on generation rank 
of a password). 

Furthermore, Blakely discloses using a password candidate generating routine 
for generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool to obtain a password 
candidate generated for the generation rank by the password candidate 
generating routine (Col. 9, lines 20-24, ERA reads on generation rank and 
foreign registry password propagate reads on password candidate that based on 
ERA ranking). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and 
Blakely to allow a user to avoid having multiple passwords and avoid the 
necessity of updating these passwords manually (Blakely, Col. 3, lines 4-6). 
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27. Claims 1 7, 20/1 7, and 22 are rejected under 35 U.S.C. 1 03(a) as unpatentable 
over Ganesan in view of Blakely, and further in view of Yan. 

28. With regard to claim 17, Ganesan discloses a password creating method 
(abstract) comprising : 

inputting a password to be checked (Col. 10, lines 26-27); 

Outputting the obtained password candidate as a password to be created (Col 
10, lines 39-41 , notifies the user input device reads on outputting information). 

Genesan, however, does not disclose inputting information indicating strength of 
a password to be created; converting the information indicating strength into 
information of a generation rank of a password candidate to be generated by a 
password candidate generating routine for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
password guessing tool to obtain a password candidate generated for the 
generation rank by the password candidate generating routine; and using the 
password candidate generating routine to obtain a password candidate 
generated for the generation rank by the password candidate generating routine. 
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On the other hand, Blakely discloses inputting information indicating strength of a 
password to be created (Col. 13, lines 13-14, password composition rules 
produce combination of passwords that carry property of the rule, for example, 
mixed characters and numbers, which reads on indication of password strength). 

Furthermore, Blakely discloses using the password candidate generating routine 
to obtain a password candidate generated for the generation rank by the 
password candidate generating routine (Col. 9, lines 20-24, ERA reads on 
generation rank and foreign registry password propagate reads on password 
candidate that based on ERA ranking). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicants invention was made to combine the teachings of Ganesan and 
Blakely to allow a user to avoid having multiple passwords and avoid the 
necessity of updating these passwords manually (Blakely, Col. 3, lines 4-6). 

However neither Ganesan nor Blakely discloses converting the information 
indicating strength into information of a generation rank of a password candidate 
to be generated by a password candidate generating routine for generating a 
plaintext password candidate according to the same generation procedure as 
that used by a password guessing tool to obtain a password candidate generated 
for the generation rank by the password candidate generating routine; 
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Yan, on the other hand, discloses converting the information indicating strength 
(section 3.2, lines 6-8) into information of a generation rank of a password 
candidate (section 3.3, lines 6-12, low entropy categories denotes ranking of 
password) to be generated by a password candidate generating routine for 
generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool to obtain a password 
candidate generated for the generation rank by the password candidate 
generating routine; 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Blakely 
and teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (Yan, second left paragraph, lines 2-4). 

29. With regard to claim 20/17, Ganesan disclose the password creating method 
where the outputting step determines whether or not the obtained password 
candidate matches any word registered with a dictionary (Col. 9, line 25-28) and, 
if not (Fig. 3, component 42, reads on condition of determining the obtained 
password matches with any word in a dictionary), outputs the obtained password 
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candidate as a password to be created (Col. 10, lines 39-41 , notifies the user 
input device reads on outputting information). 

30. With regard to claim 22, Ganesan discloses a program (Col. 2, lines 16-17) for 
creating password executed in a computer where the program causes a 
computer to execute: 

inputting a password to be checked (Col. 10, lines 26-27); 

Outputting the obtained password candidate as a password to be created (Col 
10, lines 39-41 , notifies the user input device reads on outputting information). 

Genesan, however, does not disclose inputting information indicating strength of 
a password to be created; converting the information indicating strength into 
information of a generation rank of a password candidate to be generated by a 
password candidate generating routine for generating a plaintext password 
candidate according to the same generation procedure as that used by a 
password guessing tool to obtain a password candidate generated for the 
generation rank by the password candidate generating routine; and using the 
password candidate generating routine to obtain a password candidate 
generated for the generation rank by the password candidate generating routine. 
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On the other hand, Blakely discloses inputting information indicating strength of a 
password to be created (Col. 13, lines 13-14, password composition rules 
produce combination of passwords that carry property of the rule, for example, 
mixed characters and numbers, which reads on indication of password strength). 

Furthermore, Blakely discloses using the password candidate generating routine 
to obtain a password candidate generated for the generation rank by the 
password candidate generating routine (Col. 9, lines 20-24, ERA reads on 
generation rank and foreign registry password propagate reads on password 
candidate that based on ERA ranking). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and 
Blakely to allow a user to avoid having multiple passwords and avoid the 
necessity of updating these passwords manually (Blakely, Col. 3, lines 4-6). 

However neither Ganesan nor Blakely discloses converting the information 
indicating strength into information of a generation rank of a password candidate 
to be generated by a password candidate generating routine for generating a 
plaintext password candidate according to the same generation procedure as 
that used by a password guessing tool to obtain a password candidate generated 
for the generation rank by the password candidate generating routine; 
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Yan, on the other hand, discloses converting the information indicating strength 
(section 3.2, lines 6-8) into information of a generation rank of a password 
candidate (section 3.3, lines 6-12, low entropy categories denotes ranking of 
password) to be generated by a password candidate generating routine for 
generating a plaintext password candidate according to the same generation 
procedure as that used by a password guessing tool to obtain a password 
candidate generated for the generation rank by the password candidate 
generating routine; 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Blakely 
and teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (second left paragraph, lines 2-4). 

31. Claims 19/16 is rejected under 35 U.S.C. 103(a) as unpatentable over Ganesan 
in view of Blakely, and further in view of Kadooka (US. Pat. No. 5606663). 

32. With regard to claim 19/16, Ganesan discloses a password creating method 
(abstract) where the outputting steps outputs the obtained password candidate 
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as a password to be created (Col. 10, lines 39-41 , notifies the user input device 
reads on outputting information). 

Neither Ganesan nor Blakely discloses the outputting step determines whether or 
not the obtained password candidate matches any password outputted in the 
past. 

Kadooka, on the other hand, disclose step determines whether or not the 
obtained password candidate matches any password outputted in the past (Fig. 
4b, component 4-2-6). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Blakely, 
and teaching of Kadooka to make it possible to set the available period on the 
system side for each password according to the access frequency of the user 
who the password identifies and to prescribe a password updating period or a 
certain length of time immediately preceding the expiration of the available period 
(CoM. lines 48-53). 



33. Claims 19/17 is rejected under 35 U.S.C: 103(a) as unpatentable over Ganesan 
in view of Blakely, and further in view of Yan and Kadooka (US. Pat. No. 5606663). 
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34. With regard to claim 19/17, Ganesan discloses a password creating method 
(abstract) where the outputting steps outputs the obtained password candidate 
as a password to be created (Col. 10, lines 39-41 , notifies the user input device 
reads on outputting information). 

Neither Ganesan, Blakely nor Yan discloses the outputting step determines 
whether or not the obtained password candidate matches any password 
outputted in the past. 

Kadooka, on the other hand, disclose step determines whether or not the 
obtained password candidate matches any password outputted in the past (Fig. 
4b, component 4-2-6). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Blakely, 
and the teachings of Kadooka to make it possible to set the available period on 
the system side for each password according to the access frequency of the user 
who the password identifies and to prescribe a password updating period or a 
certain length of time immediately preceding the expiration of the available period 
(Kadooka, Col.1, lines 48-53). 
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35. Claims 3 is rejected under 35 U.S.C. 103(a) as unpatentable over Ganesan in 
view of Yan and further in view of Bergadano ("Proactive password checking with 
decision trees", April, 1997, Proceedings of the 4 th ACM conference on Computer and 
Communications security, pages 1-22). 

36. With regard to claim 3, Ganesan does not disclose the inputting step also inputs 
user attribute information. However, Yan discloses the inputting step also inputs 
user attribute information (first paragraph, lines 4-5, UserlD reads on user 
attribute information). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan and 
teaching of Yan to provide good password selection policies enforced by 
proactive checking is still one of desirable methods to improve password security 
in practice (second left paragraph, lines 2-4). 

Nevertheless, neither Ganesan nor Yan disclose the controls strength checking 
not to be executed for the inputted password when the inputted user attribute 
information and the inputted password match each other. 

On the other hand, Bergadano discloses the controls strength checking not to be 
executed for the inputted password when the inputted user attributes information 
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and the inputted password match each other (Page 3, third paragraph, lines 2-4, 
"obvious password" reads on matching of user attribute information and inputted 
password). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to combine the teachings of Ganesan, Yan, and 
the teachings of Bergadano to provide the best approach in password checking 
(Bergadano, page 3, fourth paragraph, line 1 ). 

Allowable Subject Matter 

37. Claims 18, and 23 would be allowable if rewritten to overcome the rejection(s) 
under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action and to include all of 
the limitations of the base claim and any intervening claims. 

38. The following is a statement of reasons for the indication of allowable subject 
matter: 

39. With regard to claims 18 and 23, prior art record fails to show or reasonably 
suggest, "the password creating method and program wherein the obtaining step 
creates one or more generation ranks by changing the value of the generation 
rank randomly and in vicinity thereof to obtain password candidates generated at 
the created generation ranks in addition to or instead of the generation rank." 
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Conclusion 

40. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. US. Pat No. 7,058,817 to Ellmore (Discloses account access base on 
credential authorization level) 

b. US. Pat No. 6,079,021 to Abadi et al. (Discloses strengthening password 
process using hash function.) 

c. US. PGPub. No. 20050044390 to Trostle. (Discloses classifying character 
within a string and determine time and interrupts to prevent Trojan time 
attack). 

d. US. Pat. No. 6,145,086 to Bellemore et al. (Discloses process of 
determine access level based on a password). 

e. US. Pat. No. 5,592,553 to Guski et al. (Discloses one-time password 
access of multiple host). 

f. US. Pat No. 5,588,056 to Ganesan (Discloses pronounceable password 
generation process using word segments). 

g. US. Pat. No. 7,120,302 to Billester (Discloses characters recognition 
accuracy process based on confidence indication). 

h. US. PGPub No. 2001/0026231 to Satoh (Discloses compression data 
process by using each address of character string data in an input buffer 
to predetermined order). 
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i. US PGPub No. 2001/0034617 to Kimata (Discloses sharing medical 

record over the network using a single userlD and 2 passwords for login 
and manipulating the record). 

j. Matt Bishop, "Proactive Password Checking", 4 th Workshop on Computer 
Security Incident Handling, August 1992". (Discloses general strong 
password formats and provides comparison of different password 
checking utilities.) 

41 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Khoi Nguyen whose telephone number is 570-270-1251 . 
The examiner can normally be reached on M-Fri (7:30-5:00) Fri (7:30 - 4:00). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nabil E. El Hady can be reached on 571-272-3963. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-21 7-9197 (toll-free). If you would like assistance from a USPTO 
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Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

KN 

Khoi Nguyen 




